Extracted

• • Target

    2be7e32b1c4e175237eed1e23e150b7c_JaffaCakes118

  • Size

    543KB

  • MD5

    2be7e32b1c4e175237eed1e23e150b7c

  • SHA1

    56c3c3013cfc68aa1705d240fc6caacdede33c69

  • SHA256

    b686ad44c1a404d73526de4fabdee6a36f5504b466b172ab62661d0359961f09

  • SHA512

    4038049d60442f7abcbcead224889c6b51d127003e52199d1108fd23b881da94407c0c2e09713c543682a6a857696001aeaee0f40f6b0793dedd4c46bc153616

  • SSDEEP

    12288:FL92LR2WuX3wgKO7M+S+DufgXLl5KLmY8c9JSzeaczubiwmc:D2l2dEp+DufgXLlsqYJS/aUiw9

  Score

  10^/10

  azorultdiscoveryinfostealerpersistencetrojan

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2